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DETAILED ACTION 



Priority 

1 . Acknowledgment is made of applicant's claim for foreign priority based on 
applications filed in Australia on August 13, 1999, and August 23, 1999. It is noted, 
however, that applicant has not filed a certified copy of the Australian PQ2184 and 
PQ2347 applications as required by 35 U.S.C. 119(b). Accordingly, priority is only given 
to the PCT, filed August 1 1 , 2000. 



Claim Rejections - 35 USC §112 

2. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

3. Claims 1-15. 29. 31. and 32 are rejected under 35 U.S.C. 112, second 
paragraph, as being indefinite for failing to particularly point out and distinctly claim the 
subject matter which applicant regards as the invention. 

4. Claims 1-15. 31. and 32 recite the limitations "permitting a client" and "requiring 
the client" in the first three limitations. It is unclear what the applicant's intended metes 
and bounds for the claims are. 

5. Claims 3 and 29 recite the limitation "said selected input number" in limitation 
two. There is insufficient antecedent basis for this limitation in the claim. 

6. Claim 8 recites the limitation "said password" in the wherein clause. There is 
insufficient antecedent basis for this limitation in the claim. 
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7. Claim 13 recites the limitation "said fractal" in the wherein clause. There is 
insufficient antecedent basis for this limitation in the claim. 

8. Claim 31 recites the limitation "said vendor" in limitation one. There is insufficient 
antecedent basis for this limitation in the claim. 

Claim Rejections - 35 USC § 101 

9. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

10. Claims 1-15. 31, and 32 are rejected under 35 U.S.C. 101 because the claimed 
invention is directed to non-statutory subject matter. Permitting a client and requiring a 
client to perform steps is non-statutory. 



Claim Rejections - 35 USC § 102 

1 1 . The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in a printed 
publication in this or a foreign country, before the invention thereof by the applicant for a patent. 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

12. Claim 32 is rejected under 35 U.S.C. 102(a/e) as being anticipated by Haperen 
(U.K. Patent No. GB 2313460 A). 
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Regarding claim 32 , Haperen teaches a user authentication method to 
authenticate a registered user of a service over a computer network, the method 
comprising the steps of: 

• Permitting a client user to request a service from a service provider accessible 
from said computer network (page 3, last paragraph, user tries to log into 
terminal); 

• Requiring the client user to submit a unique graphic to the service provider (page 
3, last paragraph, user clicks certain images); 

• Comparing said submitted unique graphic with a unique graphic pre-recorded 
with said service provider to determine if they are the same (page 4, first 
paragraph, computer checks supplied password); and 

• Granting the client user registered user status if said submitted unique graphic is 
the same as said unique graphic pre-recorded with said service provider and 
thereby providing access to said service from said computer network (page 4, 
first paragraph). 



Claim Rejections - 35 USC § 103 

13. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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14. Claims 1-8, 10-21. and 23-31 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Hageren (U.K. Patent No. GB 2313460 A) in view of Ohta (U.S. 
Patent No. 5,596,640), and further in view of Kocher (U.S. Patent No. 6,188,766). 

Regarding claims 1 and 16 . Haperen teaches a user authentication 
method/system to authenticate a registered user of a service over a computer network, 
the method/system comprising the steps of: 

• Permitting a client user to request a service from a service provider accessible 
from said computer network (page 3, last paragraph, user tries to log into 
terminal); 

• Requiring the client user to submit at least one unique graphic to the service 
provider, said unique graphic including embedded second password data (page 
3, last paragraph, user tries to log into terminal); 

• Extracting the second password from said embedded second password data 
contained within said unique graphic (page 4, first paragraph, computer finds 
associated identification via a table); 

• Comparing the submitted first password and extracted second password to 
determine if a pre-defined relationship exists between the passwords (page 4, 
first paragraph, computer checks supplied password); and 

• Granting the client user authentic registered user status if said pre-defined 
relationship exists and providing access to said service (page 4, first paragraph). 
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Haperen does not teach requiring the client user to submit at least one first 
password to the service provider. 

Ohta teaches requiring the client user to submit at least one first password to the 
service provider (fig. 27, step 33/34). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine obtaining a first password from the client, as taught by 
Ohta , with the method/system of Haperen . It would have been obvious for such 
modifications because a password restricts entry of certain data/services to an 
authorized password bearer. 

The combination of Haperen and Ohta does not specifically teach a service 
provider. However, Kocher teaches a service provider (col. 9, lines 50-65). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine a service provider, as taught by Kocher , with the 
method/system of Haperen/Ohta . It would have been obvious for such modifications 
because a service provider, when supplied with the proper password, supplies a service 
to a client that is authorized for said service. 
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Regarding claims 2 and 17 , Haperen as modified by Ohta/Kocher teaches said 
method further comprising the step of allowing a registered user of said service to select 
said first password (see col. 6, lines 19-30 of Ohta). 

Regarding claims 3 and 29 , Haperen as modified by Ohta/Kocher teaches said 
method further comprising the steps of: 

• Allowing said user to select an input value (see page 3, last paragraph of 
Haperen, user selects input symbols); 

• Using said selected input number to index a table to determine a table number 
(see page 4, first paragraph of Haperen, use of a table); and 

• Using the table number to determine an output number and thereby the second 
password (see page 4, first paragraph of Haperen, use of a table). 

Regarding claims 4 and 30 , Haperen as modified by Ohta/Kocher teaches 
wherein said method comprises the step of randomly mapping input values with output 
values (see page 4, first paragraph of Haperen). 

Regarding claims 5 and 18 , Haperen as modified by Ohta/Kocher teaches 
wherein said second password is issued once the registered user has selected said first 
password, and said second password is issued according to said pre-defined 
relationship (see fig. 11, 'set a password' of Ohta). 
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Regarding claims 6-8 and 19-21 , Haperen as modified by Ohta/Kocher teaches 
wherein said predefined relationship is determined according to one of the formula y=x, 
y=mx, y=mx+c, wherein said passwords are numerical and y is said first password, x is 
said second password and m and c are constant (see fig. 12, 'compare the password' 
and fig. 27, step 33/34 of Ohta). 

Regarding claims 10 and 23 . Haperen as modified by Ohta/Kocher teaches 
wherein said service relates to credit card payment facilities or electronic mail services 
(see col. 9, lines 50-65 of Kocher). 

Regarding claims 1 1 and 24 . Haperen as modified by Ohta/Kocher teaches 
wherein said service provider is a credit card payment authorization service (see col. 9, 
lines 50-65 of Kocher). 

Regarding claims 12 and 25 . Haperen as modified by Ohta/Kocher teaches 
wherein said unique graphic is a fractal (see fig. 1 of Haperen, any one of the images 
could be a fractal). 

Regarding claims 13 and 26 , Haperen as modified by Ohta/Kocher teaches 
wherein said fractal is drawn according to a Mandelbrot set according to the set of 
values of C for the series Z n+ i = (Z n ) 2 +C (see fig. 1 of Haperen, any one of the images 
could be a fractal). 
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Regarding claims 14 and 27 , Haperen as modified by Ohta/Kocher teaches 
wherein date time stamp data is issued to a registered user when they are issued with 
the unique graphic and this date time stamp is embedded within said unique graphic 
(see abstract of Kocher). 

Regarding claims 15 and 28 , examiner takes Official Notice that a transaction 
number is issued to the registered user for each service request that is granted over the 
computer network would have been obvious to one of ordinary skill in the art. It would 
have been obvious because, as is well known in online transaction systems, a user is 
given a transaction number for each purchase to provide a unique ID number for later 
verification. 

Regarding claim 31 , Haperen teaches a user authentication system to 
authenticate a registered user of a credit card service on an Internet environment, the 
authentication system comprising: 

• A client device operable by a user, said client submitting a unique graphic 
including an embedded second password, to the service provider via said web 
pages (page 4, first paragraph, the graphic is compared with a table in the 
computer to determine the actual password); and 

• Authentication software adapted to interface with said server to thereby extract 
the second password from the unique graphic and compare the submitted first 
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password and second password to determine if a pre-defined relationship exists 
between the passwords (page 4, first paragraph, computer finds associated 
identification via a table and computer checks), 
• Wherein in use, the client user is granted registered user status and is allowed 
access to said credit card service if said pre-defined relationship exists (page 4, 
first paragraph). 

Haperen does not teach a server connected to the Internet having one or more 
web pages associated with a vendor, said vendor web pages permitting purchase of 
goods/services therefrom and a client device adapted to connect to said service via the 
Internet and download one or more of said web pages, said client user being thereby 
permitted to submit a first password. 

Ohta teaches a client device, said client user being thereby permitted to submit a 
first password (fig. 27, step 33/34). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine supplying a first password for services acquired, as 
taught by Ohta , with the system of Haperen . It would have been obvious for such 
modifications because a password restricts entry of certain data/services to an 
authorized password bearer. 
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The combination of Haperen and Ohta still does not teach a client-server 
relationship. However, Kocher teaches a server connected to the Internet having one or 
more web pages associated with a vendor, said vendor web pages permitting purchase 
of goods/services therefrom and a client device adapted to connect to said service via 
the Internet and download one or more of said web pages (col. 9, lines 50-65). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine a client-server service provider, as taught by Kocher , 
with the system of Haperen/Ohta . It would have been obvious for such modifications 
because a password restricts entry of certain data/services to an authorized password 
bearer. 

Claims 9 and 22 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Haperen (U.K. Patent No. GB 2313460 A) in view of Ohta (USPN '640), and Kocher 
(USPN 766), and further in view of Cole et al. (U.S. Patent No. 5,226,080). 

Regarding claims 9 and 22 , Haperen as modified by Ohta/Kocher teaches all the 
limitations of claims 1 and 16 above. However, the combination does not teach wherein 
said user selects calendar dates as a password and a random number is issued that is 
associated with said selected one or more calendar dates. 
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Cole et al. teaches wherein said registered user selects one or more calendar 
dates as a password and a random number is issued that is associated with said 
selected one or more calendar dates, said random number being used to identify said 
registered user (col. 7, lines 19-49). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine using calendar dates as a password, as taught by Cole 
et al. , with the system of Haperen/Ohta/Kocher . It would have been obvious for such 
modifications because a password based on dates provides the user an easy-to- 
remember password (birthdates of a family member). 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Brandon Hoffman whose telephone number is 571-272- 
3863. The examiner can normally be reached on M-F 8:30 - 5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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